MySQL 5.5 and PHP 5 are outdated and insecure - my question is, will they be updated within the Debian 8 updates in "foreseeable" time, or should all admins running Debian 8 as a server update them manually?

w-sky wrote:
MySQL 5.5 and PHP 5 are outdated and insecure - my question is, will they be updated within the Debian 8 updates in "foreseeable" time, or should all admins running Debian 8 as a server update them manually?

Are you referring to existing vulnerabilities, or have you found others which should be reported to the Debian Security Team? Debian 8 only receives security updates, but you might consider installing mysql from jessie-backports if you need any features not available in the current stable packages; for example:

No, I'm referring only to known vulnerabilities and drawbacks. For example, PHP 7 is twice as fast as PHP 5 – this alone is a major reason to upgrade – and PHP 5's latest version still has options that, when enabled, can cause a security risk. Wordpress.com recommends using MySQL 5.6 or greater, and they surely have their reasons too: https://wordpress.org/about/requirements/

Those issues were already addressed in this thread and are things that people maintaining a server should already know.... Reiteration: the Security Team takes care of known vulnerabilities. PHP 7 will not be available on Debian 8. It's less safe to use a backported package or your own manual/from-source install than the one in the repository, but at the end of the day that's your call.
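The backports route suggested earlier in the thread, and the warning above that a backported or hand-built package is not the Security Team's responsibility, come down to one practical question: which suite did the installed package actually come from? The script below is an added example written for this page, not something posted in the thread or shipped by Debian. It parses `apt-cache policy` output for the installed version and maps the suite to who ships its security fixes. The sample policy outputs and their version strings are constructed, the mirror URL in the install recipe is an assumption, and jessie has since reached end of life (its archives now live on archive.debian.org), so read the recipe as an illustration of the mechanism.

```shell
#!/bin/sh
# Added example (not from the thread): report where the installed mysql-server and
# php5 packages on a Debian 8 (jessie) box come from, so you know who ships their
# security fixes. "jessie" and "jessie/updates" are covered by the Debian Security
# Team; "jessie-backports" is maintained on a best-effort basis by the backporter;
# a version apt only knows from /var/lib/dpkg/status was installed by hand (own
# .deb or built from source) and is yours to patch.
#
# To pull mysql-server from backports in the first place (mirror URL is an
# assumption; jessie is end-of-life, so live mirrors have moved to archive.debian.org):
#   echo 'deb http://deb.debian.org/debian jessie-backports main' \
#       > /etc/apt/sources.list.d/jessie-backports.list
#   apt-get update && apt-get -t jessie-backports install mysql-server

# installed_suite POLICY_TEXT
# Print the suite the installed version (the line marked "***") was fetched from,
# "local" if apt only knows it from the dpkg status file, or "not-installed".
installed_suite() {
    printf '%s\n' "$1" | awk '
        /^ \*\*\* / { want = 1; next }
        # a 5-space-indented line starts the next version entry: the installed
        # version had no archive source, only /var/lib/dpkg/status
        want && /^     [^ ]/ { print "local"; done = 1; exit }
        # archive source line: "<pin> <url> <suite>/<component> <arch> Packages"
        want && /^        [0-9]+ (https?|ftp):/ {
            suite = $3; sub(/\/[^\/]*$/, "", suite)   # strip "/<component>"
            print suite; done = 1; exit
        }
        END {
            if (!want) print "not-installed"
            else if (!done) print "local"
        }
    '
}

# security_support SUITE -> who is responsible for security fixes of that suite
security_support() {
    case "$1" in
        jessie|jessie/updates) echo "debian-security-team" ;;
        jessie-backports)      echo "backporter-best-effort" ;;
        local)                 echo "you" ;;
        *)                     echo "unknown" ;;
    esac
}

# audit PKG POLICY_TEXT -> one report line
audit() {
    suite=$(installed_suite "$2")
    printf '%-14s suite=%-18s security-fixes-from=%s\n' \
        "$1" "$suite" "$(security_support "$suite")"
}

# Constructed sample `apt-cache policy` outputs; version strings are made up.
SAMPLE_STABLE='mysql-server:
  Installed: 5.5.0-0+deb8u9
  Candidate: 5.5.0-0+deb8u9
  Version table:
 *** 5.5.0-0+deb8u9 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.0-0+deb8u1 0
        500 http://deb.debian.org/debian/ jessie/main amd64 Packages'

SAMPLE_BACKPORT='mysql-server:
  Installed: 5.6.0-1~bpo8+1
  Candidate: 5.6.0-1~bpo8+1
  Version table:
 *** 5.6.0-1~bpo8+1 0
        100 http://deb.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.0-0+deb8u9 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages'

SAMPLE_LOCAL='php5:
  Installed: 5.6.99-local1
  Candidate: 5.6.99-local1
  Version table:
 *** 5.6.99-local1 0
        100 /var/lib/dpkg/status
     5.6.0-0+deb8u9 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages'

# AUDIT_LIVE=1 queries the real apt cache; otherwise the constructed samples run.
if [ "${AUDIT_LIVE:-0}" = 1 ]; then
    for pkg in mysql-server php5; do audit "$pkg" "$(apt-cache policy "$pkg")"; done
else
    audit mysql-server "$SAMPLE_STABLE"
    audit mysql-server "$SAMPLE_BACKPORT"
    audit php5         "$SAMPLE_LOCAL"
fi
```

Run it with `AUDIT_LIVE=1 sh audit.sh` on the server to see the real picture; anything reported as `backporter-best-effort` or `you` is outside what the Security Team updates and needs its own patching routine.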

PHP and MySQL are crucial features of web site hosting servers that no sysadmin in their right mind would 'update' according to the whims of upstream providers. It would destroy their businesses almost immediately.

The reason is that enterprise website software is often created by independent developers, or, if a pre-existing package like Drupal is used, can be massive in size and complexity, and may not take too well to updates messing with their modifications and specialized scripts.

Some ecommerce sites, even my own, are running software over a decade old, and are not about to pay thousands in developer fees because some propellerhead tells the owners it may save a second or so on loading time, when their hardware is fast enough that it is not an issue.

For blog software like Wordpress, which must always be updated and where software mods are actively discouraged, this may not be a problem; but for ecommerce sites, stability instead of 'new' features is what keeps them in business.

Edited to add: Things would not be so bad if newer versions of LAMPP programs had a history of coexisting with legacy code. But PHP, for example, has the notoriety of crashing due to 'deprecated' function names. And even Perl needs certain switches set to avoid that problem. Not sure about MySQL or Apache though.

If you should ever consider developing websites or hosting utils, it would be well to see what software versions of the LAMPP stack are preferred at the time. The good news is that some hosts will permit differing versions of PHP, and I believe MySQL, for their customers.

The geniuses in the Linux cult perform such nonsense all the time -- it is their default setting. Generally they like to waste monumental effort making millions of useless window managers, and backporting security fixes and bugfixes to software they want to hold hostage for about 4-6 years in a semi-frozen state under the deluded notion that it is more secure. Meanwhile stuff that is missing or annoying never gets dealt with and only gets worse. How could it, when they are too busy making too many desktop environments that are lacking and don't work together because herrr-derr "freedom to suck", trying to patch dinosaur software that upstream doesn't care about as they stopped supporting it, etc.?

Don't try to argue with true believers of this cult. Instead go to your local Scientology center for sane conversation. Anyway, maybe on the server that approach has merit, but there is no reason why home users should be using four to six year old versions of browsers, torrent clients, crappy outdated word processors that cannot interact with the documents that most of the world creates anyway, etc. Frankly these people don't care and will suffer with nonsense and inferiority as long as it is open-source inferiority.